'\" p
.\" -*- nroff -*-
.TH "ovn-nbctl" 8 "ovn-nbctl" "Open vSwitch 2\[char46]5\[char46]3" "Open vSwitch Manual"
.fp 5 L CR              \\" Make fixed-width font available as \\fL.
.de TQ
.  br
.  ns
.  TP "\\$1"
..
.de ST
.  PP
.  RS -0.15in
.  I "\\$1"
.  RE
..
.SH "NAME"
.PP
ovn-nbctl \- Open Virtual Network northbound db management utility
.SH "SYNOPSYS"
.PP
\fBovn\-nbctl\fR [\fIoptions\fR] \fIcommand\fR [\fIarg\fR\[char46]\[char46]\[char46]]
.SH "DESCRIPTION"
.PP
This utility can be used to manage the OVN northbound database\[char46]
.SH "GENERAL COMMANDS"
.RS
.TP
\fBshow [\fIlswitch\fB]\fR
Prints a brief overview of the database contents\[char46]  If
\fIlswitch\fR is provided, only records related to that
logical switch are shown\[char46]
.RE
.SH "LOGICAL SWITCH COMMANDS"
.RS
.TP
\fBlswitch\-add\fR [\fIlswitch\fR]
Creates a new logical switch named \fIlswitch\fR\[char46]  If
\fIlswitch\fR is not provided, the switch will not have a
name so other commands must refer to this switch by its UUID\[char46]
Initially the switch will have no ports\[char46]
.TP
\fBlswitch\-del\fR \fIlswitch\fR
Deletes \fIlswitch\fR\[char46]
.TP
\fBlswitch\-list\fR
Lists all existing switches on standard output, one per line\[char46]
.RE
.SH "ACL COMMANDS"
.RS
.TP
[\fB\-\-log\fR] \fBacl\-add\fR \fIlswitch\fR \fIdirection\fR \fIpriority\fR \fImatch\fR \fIaction\fR
Adds the specified ACL to \fIlswitch\fR\[char46]
\fIdirection\fR must be either \fBfrom\-lport\fR or
\fBto\-lport\fR\[char46]  \fIpriority\fR must be between
\fB1\fR and \fB65534\fR, inclusive\[char46]  If
\fB\-\-log\fR is specified, packet logging is enabled for the
ACL\[char46]  A full description of the fields are in \fBovn\-nb\fR(5)\[char46]
.TP
\fBacl\-del\fR \fIlswitch\fR [\fIdirection\fR [\fIpriority\fR \fImatch\fR]]
Deletes ACLs from \fIlswitch\fR\[char46]  If only
\fIlswitch\fR is supplied, all the ACLs from the logical
switch are deleted\[char46]  If \fIdirection\fR is also specified,
then all the flows in that direction will be deleted from the
logical switch\[char46]  If all the fields are given, then a single flow
that matches all the fields will be deleted\[char46]
.TP
\fBacl\-list\fR \fIlswitch\fR
Lists the ACLs on \fIlswitch\fR\[char46]
.RE
.SH "LOGICAL PORT COMMANDS"
.RS
.TP
\fBlport\-add\fR \fIlswitch\fR \fIlport\fR
Creates on \fIlswitch\fR a new logical port named
\fIlport\fR\[char46]
.TP
\fBlport\-add\fR \fIlswitch\fR \fIlport\fR \fIparent\fR \fItag\fR
Creates on \fIlswitch\fR a logical port named \fIlport\fR
that is a child of \fIparent\fR that is identifed with VLAN ID
\fItag\fR\[char46]  This is useful in cases such as virtualized
container environments where Open vSwitch does not have a direct
connection to the container\(cqs port and it must be shared with
the virtual machine\(cqs port\[char46]
.TP
\fBlport\-del\fR \fIlport\fR
Deletes \fIlport\fR\[char46]
.TP
\fBlport\-list\fR \fIlswitch\fR
Lists all the logical ports within \fIlswitch\fR on
standard output, one per line\[char46]
.TP
\fBlport\-get\-parent\fR \fIlport\fR
If set, get the parent port of \fIlport\fR\[char46]  If not set, print
nothing\[char46]
.TP
\fBlport\-get\-tag\fR \fIlport\fR
If set, get the tag for \fIlport\fR traffic\[char46]  If not set, print
nothing\[char46]
.TP
\fBlport\-set\-addresses\fR \fIlport\fR [\fIaddress\fR]\[char46]\[char46]\[char46]
Sets the addresses associated with \fIlport\fR to
\fIaddress\fR\[char46]  Each \fIaddress\fR should be either an
Ethernet address or an Ethernet address followed by an IP address
(separated by a space and quoted to form a single command-line
argument)\[char46]  The special form \fBunknown\fR is also valid\[char46]
Multiple Ethernet addresses or Ethernet+IP pairs may be set\[char46] If no
\fIaddress\fR argument is given, \fIlport\fR will have no
addresses associated with it\[char46]
.TP
\fBlport\-get\-addresses\fR \fIlport\fR
Lists all the addresses associated with \fIlport\fR on standard
output, one per line\[char46]
.TP
\fBlport\-set\-port\-security\fR \fIlport\fR [\fIaddrs\fR]\[char46]\[char46]\[char46]
Sets the port security addresses associated with \fIlport\fR to
\fIaddrs\fR\[char46]  Multiple sets of addresses may be set by using
multiple \fIaddrs\fR arguments\[char46]  If no \fIaddrs\fR argument
is given, \fIlport\fR will not have port security enabled\[char46]
.IP
Port security limits the addresses from which a logical port may send
packets and to which it may receive packets\[char46]  See the
\fBovn\-nb\fR(5) documentation for the \fBport_security\fR column in the \fBLogical_Port\fR table for details\[char46]
.TP
\fBlport\-get\-port\-security\fR \fIlport\fR
Lists all the port security addresses associated with \fIlport\fR
on standard output, one per line\[char46]
.TP
\fBlport\-get\-up\fR \fIlport\fR
Prints the state of \fIlport\fR, either \fBup\fR or
\fBdown\fR\[char46]
.TP
\fBlport\-set\-enabled\fR \fIlport\fR \fIstate\fR
Set the administrative state of \fIlport\fR, either \fBenabled\fR
or \fBdisabled\fR\[char46]  When a port is disabled, no traffic is allowed into
or out of the port\[char46]
.TP
\fBlport\-get\-enabled\fR \fIlport\fR
Prints the administrative state of \fIlport\fR, either \fBenabled\fR
or \fBdisabled\fR\[char46]
.TP
\fBlport\-set\-type\fR \fIlport\fR \fItype\fR
Set the type for the logical port\[char46]  No special types have been implemented yet\[char46]
.TP
\fBlport\-get\-type\fR \fIlport\fR
Get the type for the logical port\[char46]
.TP
\fBlport\-set\-options\fR \fIlport\fR [\fIkey=value\fR]\[char46]\[char46]\[char46]
Set type-specific key-value options for the logical port\[char46]
.TP
\fBlport\-get\-options\fR \fIlport\fR
Get the type-specific options for the logical port\[char46]
.RE
.SH "OPTIONS"
.RS
.TP
\fB\-\-db\fR \fIdatabase\fR
The OVSDB database remote to contact\[char46]  If the \fBOVN_NB_DB\fR
environment variable is set, its value is used as the default\[char46]
Otherwise, the default is \fBunix:/usr/local/var/run/openvswitch/db\[char46]sock\fR, but this
default is unlikely to be useful outside of single-machine OVN test
environments\[char46]
.TP
\fB\-h\fR | \fB\-\-help\fR
.TQ .5in
\fB\-o\fR | \fB\-\-options\fR
.TQ .5in
\fB\-V\fR | \fB\-\-version\fR
.RE
.SH "LOGGING OPTIONS"
.RS
.TP
\fB\-v\fR\fIspec\fR, \fB\-\-verbose=\fR\fIspec\fR
.TQ .5in
\fB\-v\fR, \fB\-\-verbose\fR
.TQ .5in
\fB\-\-log\-file\fR[\fB=\fR\fIfile\fR]
.TQ .5in
\fB\-\-syslog\-target=\fR\fIhost\fR\fB:\fR\fIport\fR
.RE
.SH "PKI CONFIGURATION (REQUIRED TO USE SSL)"
.RS
.TP
\fB\-p\fR, \fB\-\-private\-key=\fR\fIfile\fR  file with private key
.TQ .5in
\fB\-c\fR, \fB\-\-certificate=\fR\fIfile\fR  file with certificate for private key
.TQ .5in
\fB\-C\fR, \fB\-\-ca\-cert=\fR\fIfile\fR      file with peer CA certificate
.RE
